Do you and/or your employees check email while connected to public WiFi
networks or at home? Did you know that your user names, passwords and the
email messages are as easy as this web page to read using simple tools that
can be downloaded by anyone? Now you know! There is a simple way to fix
this problem using a secure socket layer (SSL) certificate on your email server.

Most email servers support what is known as TLS encryption and most email
web servers (like Outlook Web Access or OWA) support SSL encryption.
Fortunately, they both can use the exact same certificate on a Microsoft
IIS web server to set up a secure encrypted connection for communication.
This all works in the background. The end-user will just gain the
security without the complication, but you, the server administrator have
a little work to do in order to make this happen.

The first step in securing your server is determining exactly what you
want to secure and to what level. There are so many options and reasons
for using each one that you really need to understand the processes used
and how they work. This includes the security level, the
server resources the security will consume and much more. So, let's begin...

Microsoft IIS needs to support SSL. Out of the box it does not do this,
but by simply going into your server config you can easily add the
functionality.
Here is the Microsoft Technet article which explains what you need to do on an IIS 6.0
server. (Applies to: Windows Server 2003)
Here is the Microsoft Technet article which explains what you need to do on an IIS 7.0
server. (Applies To: Windows Server 2008, Windows Server 2008 R2)

The next step requires you to create a server instance using the built-in
Microsoft SSL Certificate Wizard. This is where things get a little more
complicated, but.. you can do it! Just follow the steps to create a
certificate request, and save the request so that you can process it
later. Do NOT try to submit the request within the wizard as it will
limit what SSL certificate you can get, and where you can get it. One
thing that you need to adjust is the size of the key. A minimum of 2048
bits are required now. Make sure to select that instead of the default
1024 bits in the wizard. You will also need the domain visible in the
whois database (not private registration) and access to the administrative
contact email or an admin/administrator address in the domain you own to
receive the messages for the approval process. If you are confused about
this please give us a call for assistance. We know how daunting a process
this can be if you are not familiar with it. Once you understand it
things are actually quite simple. We will get you there painlessly.

When you are ready to make that cert request and get a certificate we
suggest you find a reliable source (like us) that can
also give you support, and provide help installing your SSL certificate should you need it. There is
nothing as frustrating as being told that this is your problem and they do
not proivide assistance. Chances are you pay top dollar for that
abuse too!

A little information on TLS:
A TLS connection used for email communication requires only a simple 2048
or greater bit encryption (ECC) certificate. The certificate can be
using a certificate chain as you will be sending out the encrypted data
directly. Basically, the email server will send out the request via a
command like "STARTTLS". A remote server or email client will see this and begin to
negotiate a secure connection if it has that ability. More and more
servers are set up to do this, but most organizations require a private
email server is used as a large email provider cannot guarantee the
security on their server will meet all regulations. PCI-DSS requires a
higher dedicated instance using a certificate in your company name. If you
are using a web based connection then you must decide whether a simple
certifate or a more complicated green bar (verified) certificate is
required. In some cases you may need to have this level of protection.
These SSL certificates are much more expensive so think twice. It looks
great but you may not need it.

Forced TLS:
Many servers allow you to force a TLS connection when talking to specific
hosts. Make sure that you server does! This allows compliance to
companies that must use TLS for some communications. There are more and
more reasons you need this, including the new HIPAA regulations, insurance
regulations, PCI-DSS requirements and more. The new HIPAA regulations
extend the responsibility beyond a healthcare provider now, and those who
exchange information with them now have to abide by many of the same rules
which include secured email connections.

Your Data Center Incorporated
provides pre-sales, sales and flat-rate installation support when
purchasing an SSL certificate from us. We also give you the lowest prices around on top industry names like Comodo,
Geotrust, Symantec, Thawte, RapidSSL and Verisign. Our installation
support is not free, but with the money you save buying the SSL
certificate from us it will feel like it is! That is what makes
Your Data Center a trusted name for all things Internet, from managed
hosting
to self-hosting via a three continent wide hosting environment, hundreds
of top-level and sub-level domains name extensions, secure server
certificates for web server and mail server use and much more. We even
have wildcard and multi-domain SSL certificates. Our partnerships allow
us to give you the lowest prices available on the planet! Compare us to
the rest and you will find there is no one who can offer what we can!
No one!